[Secure-testing-commits] r20301 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Oct 8 07:32:01 UTC 2012


Author: jmm
Date: 2012-10-08 07:32:01 +0000 (Mon, 08 Oct 2012)
New Revision: 20301

Modified:
   data/CVE/list
Log:
ruby1.9.1 fixed
xml-light fixed
glib fixed
tiff, tiff3 fixed
eucalyptus fixed
blender no-dsa
ocportal ITPed
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-07 21:14:26 UTC (rev 20300)
+++ data/CVE/list	2012-10-08 07:32:01 UTC (rev 20301)
@@ -148,7 +148,7 @@
 CVE-2012-5235
 	RESERVED
 CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 7.1.6 ...)
-	TODO: check
+	- ocportal <itp> (bug #625865)
 CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote module ...)
 	TODO: check
 CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form component ...)
@@ -2196,14 +2196,14 @@
 	- linux <not-affected> (Vulnerable code introduced in 3.3)
 CVE-2012-4466
 	RESERVED
-	- ruby1.9.1 <unfixed> (low; bug #689075)
+	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
 	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
 CVE-2012-4465
 	RESERVED
 	- cgit <itp> (bug #515793)
 CVE-2012-4464
 	RESERVED
-	- ruby1.9.1 <unfixed> (low; bug #689075)
+	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
 	[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
 CVE-2012-4463 [Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files]
 	RESERVED
@@ -2250,8 +2250,8 @@
 	- wordpress <unfixed> (bug #689031)
 CVE-2012-4447 [libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression]
 	RESERVED
-	- tiff <unfixed> (bug #688944)
-	- tiff3 <unfixed> (bug #688944)
+	- tiff 4.0.2-4 (bug #688944)
+	- tiff3 3.9.6-9 (bug #688944)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
 CVE-2012-4446
 	RESERVED
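Review bot: CVE-2012-4447 now records fixed versions for tiff and tiff3, but the entry still has no urgency and no [squeeze] line, so the stable status of a heap-buffer overflow in libtiff is left unstated. Suggest adding a [squeeze] annotation (or the DSA reference once one exists), as the ruby1.9.1 entries earlier in this patch already do.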
@@ -3163,11 +3163,11 @@
 CVE-2012-4066
 	RESERVED
 CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
-	- eucalyptus <unfixed> (bug #689599)
+	- eucalyptus 3.1.0-9 (bug #689599)
 CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
-	- eucalyptus <unfixed> (bug #689599)
+	- eucalyptus 3.1.0-9 (bug #689599)
 CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 does not ...)
-	- eucalyptus <unfixed> (bug #689599)
+	- eucalyptus 3.1.0-9 (bug #689599)
 CVE-2012-4062
 	RESERVED
 CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow ...)
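Review bot: on the three eucalyptus lines (CVE-2012-4065, CVE-2012-4064, CVE-2012-4063) the recorded fixed version 3.1.0-9 is lower than the 3.1.1 named in each description ("Eucalyptus before 3.1.1"), so the fix is presumably a backported patch. Add a NOTE line saying so, ideally pointing at the patch or at bug #689599, so a later reader does not take the version for a typo.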
@@ -4397,7 +4397,7 @@
 	- jabberd2 <unfixed> (bug #685666)
 CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
 	- dbus 1.6.8-1 (bug #689070)
-	- glib2.0 <unfixed>
+	- glib2.0 2.33.12+really2.32.4-2
 	[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
 	NOTE: fixed in 2.34.0-1 from experimental 
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
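Review bot: the new glib2.0 line for CVE-2012-3524 carries no bug reference or urgency, and the existing "NOTE: fixed in 2.34.0-1 from experimental" now sits beside a different fixed version, 2.33.12+really2.32.4-2. Reword the note so it is clear which upload each version refers to, or drop it if it is no longer needed.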
@@ -4438,7 +4438,7 @@
 	- qemu 1.1.2+dfsg-1
 	- qemu-kvm 1.1.2+dfsg-1
 CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...)
-	- xml-light <unfixed> (bug #685584)
+	- xml-light 2.2-15 (bug #685584)
 CVE-2012-3513 [remote execution as www-data]
 	RESERVED
 	- munin 2.0.6-1 (bug #684076)
@@ -7158,7 +7158,9 @@
 	- wordpress 3.0.3-1
 CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
 	RESERVED
-	- blender <unfixed> (bug #584621)
+	- blender <unfixed> (low; bug #584621)
+	[squeeze] - blender <no-dsa> (Minor issue)
+	[wheezy] - blender <no-dsa> (Minor issue)
 CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
 	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
 CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before ...)
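Review bot: the two added no-dsa lines for CVE-2010-5105 give only "Minor issue" as the reason, while the package line stays at "unfixed". A reason tied to the issue itself (the /tmp/quit.blend temporary file named in the entry title), such as what access it requires, would make the triage decision checkable later.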
@@ -9177,11 +9179,11 @@
 CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 ...)
 	- typo3-src <not-affected> (vulnerable code not yet present)
 CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote ...)
-	TODO: check
+	NOT-FOR-US: NextBBS
 CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS ...)
-	TODO: check
+	NOT-FOR-US: NextBBS
 CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: NextBBS
 CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
 	{DSA-2469-1}
 	- linux-2.6 3.2.17-1 (low)
@@ -9473,7 +9475,7 @@
 CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not ...)
 	NOT-FOR-US: VMware vCenter Chargeback Manager
 CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in ocPortal ...)
-	TODO: check
+	- ocportal <itp> (bug #625865)
 CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
 	TODO: check
 CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
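Review bot: CVE-2012-1470, directly below the entry changed here, stays at "TODO: check" and its description is cut off after code_editor.php, so the affected product is not visible in this hunk. If it is also ocPortal, mark it with the same "- ocportal &lt;itp&gt; (bug #625865)" line in this commit rather than leaving the pair split.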
@@ -11389,9 +11391,9 @@
 CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 ...)
 	NOT-FOR-US: WHMCompleteSolution
 CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: CA License
 CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly ...)
-	TODO: check
+	NOT-FOR-US: CA License
 CVE-2012-0690 (TIBCO Spotfire Web Application, Web Player Application, Automation ...)
 	NOT-FOR-US: TIBCO Spotfire
 CVE-2012-0689 (The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ...)



